3 messages in com.mysql.lists.win32RE: Database security issue| From | Sent On | Attachments |
|---|---|---|
| ascll | 20 Dec 2002 01:23 | |
| Kevin Rutledge | 20 Dec 2002 07:15 | |
| Leo G. Divingracia III | 20 Dec 2002 17:43 |
| Subject: | RE: Database security issue |
|---|---|
| From: | Kevin Rutledge (kev...@in-genius.com) |
| Date: | 12/20/2002 07:15:12 AM |
| List: | com.mysql.lists.win32 |
This is not a security hole. This is what O/S security permissions are for.
If you are looking for that kind of security, then you really should install MySQL on a more secure computer (such as Windows NT/2000/XP Pro or Linux) and set directory permissions so that a user cannot access the files directly.
OR, you could store the data in an encrypted form so that only you have the key to decode it. This would be much more complicated though.
-Kevin
-----Original Message----- From: ascll [mailto:asc...@yahoo.com] Posted At: Friday, December 20, 2002 1:24 AM Posted To: MySQL Conversation: Database security issue Subject: Database security issue
Greetings,
How do I secure my own data by preventing unauthorized personnel to view/edit/delete on my own database created by MySQL ver 3.23.54?
Please consider the scenario below:
I have stored a database named ImportantDB (Type: MyISAM) on my PC, named PC01, and I ONLY use the command below:
"mysql --user=Admin --password=99999 ImportantDB"
to logon to MySQL on PC01 since I have removed ALL the records from "mysql -> user". Anyway, someone could easily copy my entire folder named "ImportantDB" and then restore to his or her PC (PC02, where MySQL installed) by using the default password or no password to view/edit/delete on my data.
My question is how could I prevent this type of security hole?
Thanks in advance.
ascll asc...@yahoo.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
--------------------------------------------------------------------- Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before posting. To request this thread, e-mail win3...@lists.mysql.com
To unsubscribe, send a message to the address shown in the List-Unsubscribe header of this message. If you cannot see it, e-mail win3...@lists.mysql.com instead.